Welcome to Malware Analysis for Hedgehogs. So I moved my place and from now on this will be my new malware fighting lab. In the last couple of days I got several remarks and comments saying something along the lines of: you need to write malware to become a good malware analyst. Let's check this out.

So here's one of those, the only one I got in English actually. It says: "I would suggest to spend a year or two learning to write malware, practice releasing it in the wild, get really good at being a blackhat, build a large resume of exploits and then use that for experience. Just be honest with the interviewer, they can hire you or hire someone else to try and stop you. Each other self-motivated go-getters." And the German ones, I will show them in case you know German, but yeah, basically the question is: how closely related are malware analysts and malware creators? And the second one said: "I also wrote a trojan in my youth. I pretended to be a 12-year-old in the chat and the trojan was not detected by any of the antivirus programs. I binded it with JPEG files and I could have extorted people, but it wasn't my humor. And I'm proud of that. I want to know if this is advantageous for cyber security."

So there are actually several questions. Let's start with the easiest first. That is: does HR, human resources, like to see people who say they have experience writing malware? That's a clear no from me. Of course I can only speak for the company I work for and for our hiring practices. But I assume that for all antivirus companies, at least, this is the same.

There is this conspiracy theory about antivirus companies, that they write malware so they can get better sales. It's similar to the conspiracy that the pharmacy industry creates illnesses to sell their medications. That's actually, just to be clear, it's not true. It's a conspiracy. We don't need to do that, simply because there's enough malware out there without us doing anything.
So why would we spend our time with writing something, well, what we have plenty of? So it doesn't make sense. But just because this myth always comes up, and also because the antivirus companies do not want to add fuel to the fire or get a bad reputation, they will never hire anyone who openly boasts about having written malware. So if you are, I mean, how would people get to know that you hire such people? That is if you have someone in the company who openly talks about it because they are proud of it. And yeah, that's exactly a reason not to hire you. It would be a red flag actually.

And the other thing that I, as someone who employs people, would think: well, they are doing unethical things. They are doing criminal things. Why should I take the risk and hire them, and then maybe they do something criminal in my company? So they could, let's say, use this internal knowledge to do something bad. So no, I totally would not do that. So I don't know why people get the idea that this is like beneficial for HR to hear that you did black hat stuff. So it's not. If you did that and you want to turn your path around and become employed in cybersecurity, shut up about it.

I mean, this person who said they wrote malware as a teenager, I told them the same and they said something like: you are bigoted to believe that no one in your company has written malware before. Now there's a huge difference, in my opinion, between writing malware without releasing it to the wild, so just to have some exercise going on, and writing malware and infecting systems with it and being proud of it. The proud aspect is actually killing me. Did we employ people who wrote malware? Yeah, we had a student who wrote a malware and simultaneously wrote the antidote to it.
So he, let's say, he explored a certain technique to evade antivirus detection, and the way this is usually done is, you know, that you do not write actual malicious code, but you can use something like EICAR, which is an antivirus test file, and put that into the final payload so that your creation isn't actually malicious but detected by all antivirus programs, so you can test if your evasion technique works, so that the payload is not detected. Yeah, we had such people, we had an intern like that, but that's an entirely different thing.

The other question that was asked in here was along the lines of: is this advantageous, or are the skills advantageous to become a malware analyst? Like this person who said they did this at 12 years old, they said something like: yeah, I would be an awesome malware analyst because I had this experience in the past. Now the thing is that the skill overlap for writing malware and reversing malware is actually quite small, surprisingly small. Like, yeah, you need to know malware types generally, how antiviruses detect malware, how malware evades antiviruses in general. But then as a malware writer you only need to know a few of these things. You need to know one language and how to write code in it. You actually don't need to know any of the ways to make malware undetected if you just buy a binder, packer, protector or crypter, whatever. You can buy that if you don't know anything about it. But I guess if you want to write very good malware you might also get into Windows internals topics. But now imagine: what's the ideal skill set of a malware analyst?
The ideal malware analyst knows every operating system, every compiler and every language, because no matter what malware you throw at them, they can reverse engineer it. And that's a little bit the reality actually, because you get all kinds of malware. There's no sorting into, like, you only do the .NET stuff or you only do the C++ malware. That doesn't happen, at least not in our company. You need to be able to pick up everything. Of course no person knows how to read every programming language, how to read every assembly code that exists, so your main skill set is in being able to pick up things quite fast if you need them. So you teach it to yourself. You need to know how to learn at a relatively fast pace, and that's the challenging part about malware analysis. This is so interdisciplinary, you have so many potential things that could be beneficial to know, that it's really hard to say, like, this is the skill set that a malware analyst has, because everything could potentially come across your way and it could be of help to have a skill in that. So yeah, it's not that simple, and if you write malware, you're not automatically someone who can reverse engineer anything.

Let's actually think this through using an example. What do you need to know to write ransomware? One where you have basic quality standards to it, being not decryptable by third parties. So if you want to write ransomware you would need to know how to use at least one programming language to write code in, and you would need to know the basics of cryptography to use cryptographic functions in a way that they cannot be broken, and also you would need to know some basics in psychology: how to extort someone effectively so that they pay. How do I make them pay? How do I make the likelihood that they pay higher? There are certain tricks used, like they put some sense of urgency there, they would try to scare people. Sometimes ransomware posed as even the FBI and
saying, if you don't pay us we will put you into jail. So they have some set of trying to appear as an authority like Europol or the FBI. And yeah, so there are certain tricks being used to raise the likelihood that someone pays. So these are the skills you need.

Now if you want to analyze ransomware, on the other hand, what you want to achieve is, firstly, you will probably want to write detection signatures, depending what your goal is, and you will probably want to tell the customers, the persons who asked you for help: hey, can I decrypt my files? So you would want to know what encryption algorithm was used and is this crackable. So that's an entirely different level of cryptography knowledge that you need there, because using it is easy, but cracking it, on the other hand, that requires a little bit more than that, actually a lot more. Because the ideal analyst, the ideal malware analyst, knows all of the cryptographic algorithms and can recognize them if he or she sees them in the code. Yeah, of course that does not exist, but that's kind of the skill set that's expected of you. Whereas if you just write ransomware, one of the algorithms is enough, one that's sufficient, one that's secure, that cannot be cracked. Whereas you as the malware analyst, you need to know all of them, especially the unsafe ones that you can crack, and you need to go into the field of cryptanalysis and not only cryptography, like knowing how to find weaknesses in the encryption procedures.

So I think that highlights a bit how useful this knowledge of writing ransomware really is when you are on the other side: not that much. Also you don't need to write ransomware to learn the cryptography part that you need for malware analysis. You can not do the extortion thing and use cryptography for something good and learn the same. And to the question how closely related are malware creator and malware analyst, my answer is: not really related, because anyone who's a software
developer is much, much closer when it comes to this skill set than a malware creator, no, no, than a malware analyst to a malware creator. So malware creation is nothing else than software development. If you think about it, it's just software development, and everyone who's a software developer could write a malware.

That wraps it up for the day. If you have any questions about my job, please ask, and I hope I didn't scare you with the malware analysis requirements. You know, that was just an ideal analyst, but I think it highlights how interdisciplinary the field actually is. So yeah, see you next time and thanks for watching.